We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is clear the winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"The tools for logs and metrics are pretty good and easy to use."
"Provides an overview and high-level information."
"Technical support is helpful."
"The solution very easily integrates with Azure services and in one click you can monitor your resource."
"I use the solution to monitor the infrastructure and applications."
"We like this searchability and availability of the data."
"The feature that I found most valuable in Azure Monitor is its monitoring abilities. With Azure Monitor, you are able to monitor all of your cloud resources across multiple subscriptions in one dashboard and create solution-specific alerts that can trigger an email to the team responsible for that specific solution."
"Azure Monitor gives us the observability to check everything that we have in the cloud."
"The solution helped reduce our alert volume."
"Our clients are easily able to modify and evolve their implementations."
"The feature that we use the most is the correlation search engine within ES."
"My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us."
"The log aggregation is great."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"The search function for spam is like a google search. You just enter and it will quickly show you the results."
"We cannot use AI services with the solution."
"The solution should have cross-connection or cross-communication between tech partners."
"have used multiple products like Webex and PRTG. Some features could be added. Azure Monitor should add SMS and APIs. We have very limited access to Azure Monitor. I usually get alerts on my phone when they are integrated with Slack. I am not always available, but my team is. Sometimes, I am traveling and don't have access to my email, but I have Slack and other third-party projects that send me instant messages if a sensor goes down."
"The solution needs better monitoring. It requires better log controls."
"The length of latency is terrible and needs to be improved."
"Azure Monitor is not user-friendly, and the interface is not exciting. Switching between the dashboards is not easy."
"This solution could be improved with more out-of-the-box functionalities and artificial intelligence to complete event correlation."
"In my opinion, they should improve the overall user experience, especially when it comes to indexing and searching collective logs."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"Considering the contract thing and the whole legal area, it takes forever to get the contracts signed and to be able to agree to the terms and conditions for my company as well as for Splunk's team."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"I would like to see more SIEM functionality and a better ticket tool."
"The product must improve insider threat detection."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The security can be improved."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and Integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.